[Samba] FW: DNS record info (samba-tool)

Stuart Naylor stuartiannaylor at thursbygarden.org
Wed Apr 9 11:36:07 MDT 2014


Apols again.

With samba-tool domain provision the --option= allows you to set smb.conf options.
I would like to set the forwarder on provision and I guess this is where to do it?

When it comes to smb.conf options it would seem a large part of samba3 options are now redundant.

Is there a list of current samba4 smb.conf options?

Then also with samba-tool domain join it creates a smb.conf that doesn't have the complete smb.conf from the DC it just joined.
Again xattrs and userfc could be missing and my first reaction was surely when joining a domain it's going to need to be the same?

Last question with xattrs is it actually better to supply auto there and if you have shares in different file systems is it clever or does that throw a proverbial spanner?

My system is installed on ext4 with a couple of btrfs subvolumes for shares.

Sysvol is a share and I just thought I have never edited fstab for acl and xattrs on my system, but all seems to work ok?

I am really starting to like BTRFS especially being able to mount subvolumes, partitions without defined size that share a disk.

I guess before my samba install I could create a system subvolume and mount it on /var/lib/samba/

BTRFS seems great as a share directory but for databases, which in essence is what /var/lib/samba/ contains, it's not all that good I hear.

Anyone given it a try?

Stuart

 
 
-----Original message-----
> From:Günter Kukkukk <linux at kukkukk.com>
> Sent: Wednesday 9th April 2014 3:01
> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; samba at lists.samba.org
> Subject: Re: [Samba] FW:  DNS record info (samba-tool)
> 
> On 08.04.2014 22:18, Stuart Naylor wrote:
> > Doh forgot to cc-
> > 
> >  
> >  
> > -----Original message-----
> >> From:Stuart Naylor <stuartiannaylor at thursbygarden.org>
> >> Sent: Tuesday 8th April 2014 21:16
> >> To: Günter Kukkukk <linux at kukkukk.com>
> >> Subject: RE: [Samba] DNS record info (samba-tool)
> >>
> >> Brilliant, glad about that as zones pretty much done on set up and no worry about a restart.
> >>
> >> Great that adding records to a zone doesn't as restarting samba for that each time would be a bit strange in production.
> >>
> >> Gunter apols to ask you again but you do seem to be a wealth of information.
> >>
> >> With samba-tool and dns entries the only documented dns add is something like
> >>
> >>
> >> samba-tool dns add SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa 32 PTR SAMBA1.SAMBA4.LAN --username=administrator
> >>
> >> Am I confused as the cli presents this samba-tool dns add <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
> >>
> >> So the above is server=SAMBA1.SAMBA4.LAN zone=1.168.192.in-addr.arpa name=32 PTR data=SAMBA1.SAMBA4.LAN
> >>
> >> To be honest it was just 'name' that threw me.
> >>
> >> root at samba1:~# samba-tool dns delete
> >> Usage: samba-tool dns delete <server> <zone> <name> <A|AAAA|PTR|CNAME|NS|MX|SRV|TXT> <data>
> >>
> >> would be samba-tool dns delete SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa 32 PTR SAMBA1.SAMBA4.LAN --username=administrator
> >>
> >> which it was.
> 
> 
> Hi Stuart,
> 
> first of all let us have a look at "--username=administrator" aka "-Uadministrator"
> which is needed with many samba-tool commands.
> 
> To avoid entering it over and over again, one can use
>      kinit administrator at YOUR.REALM
> and then enter the password *once*.
> 
> From now on the administrator and its password can be omitted with samba-tool commands.
> AFAIR there is at least one exception from this rule when using
>     samba-tool domain demote
> Here the -Uadministrator had to be used, but i might be wrong here ....
> 
> >>
> >> So you can have duplicate 'names' as long as the data points to the correct entry?
> 
> Now it starts to get a bit problematic.  :-(
> 
> Sure, you can add many A or AAAA records pointing to the same host. (a host can have many of them)
> Same holds true for the reverse PTR records and others...
> 
> But - (atm) samba-tool also *allows* you to add records which are wrong, e.g. CNAME entries.
> When you have a look at (i assume the ISC bind tools are installed):
>    dig irc.freenode.org
> 
> ...
> ;; ANSWER SECTION:
> irc.freenode.org.       84      IN      CNAME   irc.freenode.net.
> irc.freenode.net.       41      IN      CNAME   chat.freenode.net.
> chat.freenode.net.      299     IN      A       193.219.128.49
> chat.freenode.net.      299     IN      A       185.30.166.35
> ... and so on
> A CNAME alias *must always* point to an already *existing* A/AAAA (or even CNAME) record!
> In the above example a CNAME points to another CNAME, which then points to many A records.
> Most docs note that this should be avoided due to performance - but it's valid.
> 
> Now back to samba-tool.
> Here i add 2 CNAME records which point to *not existing* hostname records:
>    samba-tool dns add li4771-131 addlz.kukkukk.com abcd.addlz.kukkukk.com CNAME notthere.addlz.kukkukk.com
>    samba-tool dns add li4771-131 addlz.kukkukk.com xyz1.addlz.kukkukk.com CNAME wrong.addlz.kukkukk.com
> Both commands add the CNAMEs without problem - but they are wrong and cannot be resolved by dns queries!
> 
> I guess, when trying the same with dyn. DNS updates, those CNAMEs will fail... cause there the existence
> of the resulting host will be usually checked as a "prerequisite" ...
> 
> A last hint:
> The name "samba-tool" is nice - but a bit long.
> So i added the following to ~/.bashrc
>    alias st=samba-tool
> (then use "source ~/.bashrc" to get it reloaded)
> From now on one can use "st" instead of longer "samba-tool".  :-)
> Note that the command "st" should not be in use already.
> 
> Cheers,  Günter
> 
> >>
> >> Stuart
> >>
> >>  
> >>  
> >>  
> >> -----Original message-----
> >>> From:Günter Kukkukk <linux at kukkukk.com>
> >>> Sent: Tuesday 8th April 2014 20:26
> >>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>
> >>> Cc: samba at lists.samba.org
> >>> Subject: Re: [Samba] DNS record info (samba-tool)
> >>>
> >>> On 08.04.2014 20:31, Stuart Naylor wrote:
> >>>> Thanks Gunter,
> >>>>
> >>>> I am keeping to the internal, I am not a fan of bind in this scenario.
> >>>>
> >>>> Gunter so even though it lists that is just an RPC call but actually the working record needs a restart?
> >>>>
> >>>> I am trying to do a webmin module for Samba4 rather than use any RSAT tools.
> >>>>
> >>>> The DNS part is a little confusing :)
> >>>>
> >>>> Stuart 
> >>>
> >>> there are (at least) 2 ways to manipulate samba (windows) dns entries:
> >>>   - using dce/rpc calls to modify the AD directory directly
> >>>     (e.g. used by samba-tool, MS DNS Manager GUI, ...)
> >>>   - using dynamic DNS
> >>>     (e.g. ISC nsupdate, MS ipconfig /registerdns, ...)
> >>>
> >>> When samba starts, the internal dns server reads all currently defined
> >>> zones (from ADS) - and the containing dns records - into its _own_ data structures.
> >>>
> >>> When a new zone is added, the dce/rpc tools will show it,
> >>> but the internal dns must be restarted.
> >>>
> >>> When you then add new records to any now existing zone, the dns server
> >>> will also track them. So no samba restart is needed.
> >>>
> >>> Cheers, Günter
> >>>
> >>>>
> >>>>  
> >>>>  
> >>>> -----Original message-----
> >>>>> From:Günter Kukkukk <linux at kukkukk.com>
> >>>>> Sent: Tuesday 8th April 2014 19:15
> >>>>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; Marc Muehlfeld <samba at marc-muehlfeld.de>; samba at lists.samba.org
> >>>>> Subject: Re: [Samba] DNS record info (samba-tool)
> >>>>>
> >>>>> On 08.04.2014 19:08, Stuart Naylor wrote:
> >>>>>> root at samba1:~# samba-tool dns query SAMBA1.SAMBA4.LAN 1.168.192.in-addr.arpa @ ALL --username=administrator
> >>>>>> Password for [SAMBA4\administrator]:
> >>>>>>   Name=, Records=2, Children=0
> >>>>>>     SOA: serial=2, refresh=900, retry=600, expire=86400, minttl=3600, ns=samba1.samba4.lan., email=hostmaster.samba4.lan. (flags=600000f0, serial=2, ttl=3600)
> >>>>>>     NS: samba1.samba4.lan. (flags=600000f0, serial=1, ttl=3600)
> >>>>>>   Name=32, Records=1, Children=0
> >>>>>>     PTR: SAMBA1.SAMBA4.LAN (flags=f0, serial=2, ttl=900)
> >>>>>>
> >>>>>>
> >>>>>> @ ALL seems to do it.
> >>>>>> trying to use samba-tool and not the RSAT tools.
> >>>>>>
> >>>>>> any more info anyone?
> >>>>>>
> >>>>>> Thanks
> >>>>>>
> >>>>>> Stuart
> >>>>>>
> >>>>>>
> >>>>>>  
> >>>>>>  
> >>>>>> -----Original message-----
> >>>>>>> From:Marc Muehlfeld <samba at marc-muehlfeld.de>
> >>>>>>> Sent: Tuesday 8th April 2014 17:55
> >>>>>>> To: Stuart Naylor <stuartiannaylor at thursbygarden.org>; samba at lists.samba.org
> >>>>>>> Subject: Re: [Samba] DNS record info (samba-tool)
> >>>>>>>
> >>>>>>> Hello Stuart,
> >>>>>>>
> >>>>>>> On 08.04.2014 18:08, Stuart Naylor wrote:
> >>>>>>>> But if I wanted to browse and delete a record how do I do it?
> >>>>>>>
> >>>>>>>
> >>>>>>> Have you seen
> >>>>>>> https://wiki.samba.org/index.php/DNS_Administration
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> Regards,
> >>>>>>> Marc
> >>>>>>>
> >>>>>
> >>>>> Are you using the internal samba dns server?
> >>>>> If so, you need to restart samba after adding a dns zone. The zone was
> >>>>> added with rpc calls to the directory, but the dns server doesn't
> >>>>> notice this atm .
> >>>>> Note - also with the bind dlz module, sometimes wrong results have been seen
> >>>>> after adding a zone. So one might also here need to restart bind/samba.
> >>>>>
> >>>>> Cheers, Günter
> >>>>>
> >>>>> -- 
> >>>>>
> >>>>>
> >>>>
> >>>
> >>>
> >>> -- 
> >>>
> >>>
> 
> 
> -- 
> 
> 
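
The quoted reply notes that samba-tool accepts CNAME records whose target does not exist. The following is an added example, not part of the original thread or of Samba: it parses `samba-tool dns query <server> <zone> @ ALL` output and flags CNAMEs that point at a missing name inside the same zone (one hop only). It assumes A and CNAME lines use the same `TYPE: data (flags=…, serial=…, ttl=…)` shape as the PTR and NS lines quoted in the thread; the zone and host names are constructed.

```python
import re

# Constructed sample, modelled on the `samba-tool dns query ... @ ALL` output
# quoted in the thread; the zone and host names are made up.
ZONE = "example.lan"
SAMPLE = """\
  Name=, Records=1, Children=0
    NS: dc1.example.lan. (flags=600000f0, serial=1, ttl=3600)
  Name=dc1, Records=1, Children=0
    A: 192.168.1.32 (flags=f0, serial=1, ttl=900)
  Name=www, Records=1, Children=0
    CNAME: dc1.example.lan. (flags=f0, serial=3, ttl=900)
  Name=abcd, Records=1, Children=0
    CNAME: notthere.example.lan. (flags=f0, serial=4, ttl=900)
  Name=mail, Records=1, Children=0
    CNAME: mx.provider.example. (flags=f0, serial=5, ttl=900)
"""
NAME_RE = re.compile(r"^\s*Name=([^,]*), Records=\d+, Children=\d+")
REC_RE = re.compile(r"^\s*([A-Z]+): (.*) \(flags=[0-9a-f]+, serial=\d+, ttl=\d+\)\s*$")

def parse_query(text):
    """Return {relative_name: [(rtype, data), ...]}; '' is the zone apex."""
    records, current = {}, None
    for line in text.splitlines():
        if m := NAME_RE.match(line):
            current = m.group(1).lower()
            records.setdefault(current, [])
        elif (m := REC_RE.match(line)) and current is not None:
            records[current].append((m.group(1), m.group(2)))
    return records

def relative(fqdn, zone):
    """Name relative to the zone ('' for the apex), or None if outside it."""
    fqdn, zone = fqdn.rstrip(".").lower(), zone.rstrip(".").lower()
    if fqdn == zone:
        return ""
    return fqdn[: -len(zone) - 1] if fqdn.endswith("." + zone) else None

def check_cnames(records, zone):
    """Map each CNAME owner to 'ok', 'dangling' or 'external' (not checked)."""
    result = {}
    for name, recs in records.items():
        for target in (data for rtype, data in recs if rtype == "CNAME"):
            rel = relative(target, zone)
            types = {t for t, _ in records.get(rel, [])}
            if rel is None:
                result[name] = "external"
            else:
                result[name] = "ok" if types & {"A", "AAAA", "CNAME"} else "dangling"
    return result
```

Targets outside the zone are reported as `external` because the zone listing alone cannot say whether they resolve.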

